program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000200)='cq_process\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r1, 0x58, &(0x7f0000000100)}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0xbb}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000dc0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r9 = signalfd4(r2, &(0x7f0000000000)={[0x3]}, 0x8, 0xc0800) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0010062}]}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 69.351981][ T4665] Bluetooth: hci0: command tx timeout [ 69.494506][ T5321] [ 69.495706][ T5321] ============================= [ 69.498204][ T5321] WARNING: suspicious RCU usage [ 69.499980][ T5321] 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0 Not tainted [ 69.502624][ T5321] ----------------------------- [ 69.504907][ T5321] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage! [ 69.508773][ T5321] [ 69.508773][ T5321] other info that might help us debug this: [ 69.508773][ T5321] [ 69.512382][ T5321] [ 69.512382][ T5321] rcu_scheduler_active = 2, debug_locks = 1 [ 69.515323][ T5321] no locks held by syz.0.0/5321. [ 69.517600][ T5321] [ 69.517600][ T5321] stack backtrace: [ 69.520121][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00259-g7ff71e6d9239 #0 [ 69.520144][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.520154][ T5321] Call Trace: [ 69.520164][ T5321] [ 69.520174][ T5321] dump_stack_lvl+0x241/0x360 [ 69.520308][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.520329][ T5321] ? __pfx__printk+0x10/0x10 [ 69.520352][ T5321] lockdep_rcu_suspicious+0x226/0x340 [ 69.520377][ T5321] kvm_vcpu_gfn_to_memslot+0x429/0x4c0 [ 69.520403][ T5321] kvm_vcpu_write_guest+0x7c/0x130 [ 69.520422][ T5321] kvm_xen_write_hypercall_page+0x50a/0x5f0 [ 69.520447][ T5321] ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10 [ 69.520475][ T5321] kvm_set_msr_common+0x154/0x3b10 [ 69.520492][ T5321] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 69.520513][ T5321] ? __pfx_lock_release+0x10/0x10 [ 69.520533][ T5321] ? __pfx_kvm_set_msr_common+0x10/0x10 [ 69.520552][ T5321] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.520570][ T5321] vmx_set_msr+0x151d/0x26f0 [ 69.520584][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 69.520637][ T5321] ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0 [ 69.520662][ T5321] kvm_vcpu_reset+0xbea/0x1740 [ 69.520687][ T5321] ? __pfx_kvm_vcpu_reset+0x10/0x10 [ 69.520700][ T5321] ? __raw_spin_lock_init+0x45/0x100 [ 69.520722][ T5321] kvm_arch_vcpu_create+0x8f4/0xa80 [ 69.520744][ T5321] kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0 [ 69.520771][ T5321] kvm_vm_ioctl+0x7be/0xd50 [ 69.520791][ T5321] ? mark_lock+0x9a/0x360 [ 69.520807][ T5321] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 69.520835][ T5321] ? tomoyo_path_number_perm+0x209/0x770 [ 69.520929][ T5321] ? __pfx_lock_release+0x10/0x10 [ 69.520954][ T5321] ? tomoyo_path_number_perm+0x5dd/0x770 [ 69.520975][ T5321] ? tomoyo_path_number_perm+0x5dd/0x770 [ 69.520997][ T5321] ? tomoyo_path_number_perm+0x65d/0x770 [ 69.521015][ T5321] ? __lock_acquire+0x1397/0x2100 [ 69.521034][ T5321] ? tomoyo_path_number_perm+0x209/0x770 [ 69.521052][ T5321] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 69.521094][ T5321] ? __fget_files+0x2a/0x410 [ 69.521117][ T5321] ? __fget_files+0x2a/0x410 [ 69.521139][ T5321] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 69.521159][ T5321] __se_sys_ioctl+0xf5/0x170 [ 69.521177][ T5321] do_syscall_64+0xf3/0x230 [ 69.521195][ T5321] ? clear_bhb_loop+0x35/0x90 [ 69.521220][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.521240][ T5321] RIP: 0033:0x7f292918cde9 [ 69.521254][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.521266][ T5321] RSP: 002b:00007f2929f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.521287][ T5321] RAX: ffffffffffffffda RBX: 00007f29293a5fa0 RCX: 00007f292918cde9 [ 69.521298][ T5321] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 69.521308][ T5321] RBP: 00007f292920e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.521317][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.521326][ T5321] R13: 0000000000000000 R14: 00007f29293a5fa0 R15: 00007fff67ceb8a8 [ 69.521347][ T5321]